What is the purpose of this document
RSM UK Tax and Accounting Limited and RSM UK Management Limited (as well as the other RSM Entities) is each a "data controller", contact details of which are set out at https://www.rsmuk.com/legal-statements. This means that we are responsible for deciding how we hold and use personal information about you. You are being provided with a copy of this privacy notice because you are applying to work with us (whether as a partner, employee or contractor) or are registering to request that we send you relevant job alerts relating to the RSM Entities. It makes you aware of how and why your personal data (i.e. personal information) will be used, namely for the purpose of recruitment, and how long it will usually be retained for. It provides you with certain information that must be provided under the General Data Protection Regulation ((EU) 2016/679) (“GDPR”).
“RSM Entities” means RSM UK Holdings Limited and persons, bodies corporate or partnerships controlled (directly or indirectly) by RSM UK Holdings Limited. This privacy notice does not concern the personal information of employees, partners or contractors of the RSM Entities.
It is important that you read this policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal information about you. This policy supplements any such other notices and is not intended to override them.
We may change the terms of this policy from time to time. This version is dated 4 May 2018.
Data protection principles
We will comply with data protection law and principles, which means that your data will be (i) used lawfully, fairly and in a transparent way, (ii) collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes, (iii) relevant to the purposes we have told you about and limited only to those purposes, (iv) accurate and kept up to date, (v) kept only as long as necessary for the purposes we have told you about, and (vi) kept securely.
The kind of information we hold about you
In connection with your application to work with us and / or registration, we will collect, store, and use the following categories of personal information about you:
- The information you have provided to us in your curriculum vitae or equivalent and any covering letter.
- The information you have provided on any application or registration form (whether online or not), including name, title, address, telephone number, personal email address, date of birth, gender, employment history, qualifications.
- Any information you provide to us during an interview or assessment (whether spoken, in writing or otherwise).
We may also collect, store and use the following "special categories" of more sensitive personal information (i) information about your race or ethnicity, religious beliefs, sexual orientation and political opinions, (ii) information about your health, including any medical condition, health and sickness records, and (iii) information about criminal convictions and offences.
How is your personal information collected?
We may collect personal information about candidates from the following sources (i) you, the candidate; (ii) the recruitment agency applicable to you; (iii) our external background check and credit reference providers (currently, GB Group and Experian); (iv) the Disclosure and Barring Service in respect of criminal convictions; and (v) your named referees.
How we will use information about you
We will use the personal information we collect about you to (i) send you any relevant job alerts (if you have registered to request them); (ii) assess your skills, qualifications, and suitability for a role; (iii) carry out background and credit reference checks, where applicable; (iv) keep records related to our hiring processes; and (v) comply with legal or regulatory requirements.
It is in our legitimate interests to alert you to the relevant role and/or decide whether to appoint you to the role since it would be beneficial to our business to appoint someone to that role. We also need to process your personal information to decide whether to enter into a contract with you.
We assume responsibility for keeping an accurate record of personal information once you have submitted the information. Please inform us of any changes to your information.
If you fail to provide personal information
If you fail to provide information when requested, which is necessary for us to consider your application or registration (such as evidence of qualifications or work history), we will not be able to process your application or registration successfully. For example, if we require a credit check or references for the applicable role and you fail to provide us with relevant details, we will not be able to take your application further.
How we use special categories of personal information
We will use your special categories of personal information in the following ways:
- We will use information about your disability status to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during a test, interview or other assessment.
- We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, your health or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.
Information about criminal convictions
We envisage that we will process information about criminal convictions. We will collect information about your criminal convictions history if we would like to offer you the applicable role (conditional on checks and any other conditions, such as references, being satisfactory). We are entitled to carry out a criminal records check in order to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for the applicable role. In particular, the applicable role may require a high degree of trust and integrity.
We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
Why might you share my personal information with third parties?
We will only share your personal information with the following third parties for the purposes of processing your application or registration: other RSM Entities, our third party applicant tracking system provider (which is currently Cornerstone OnDemand) along with to a limited extent (i.e. solely so as to collect personal information about you) the third parties set out in section 4 above. All our third-party service providers and other RSM Entities are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal information for their own purposes. We only permit them to process your personal information for specified purposes and in accordance with our instructions.
To the extent that the processing of personal information involves the transfer of such information to a territory that does not provide an adequate level of protection, we shall implement appropriate safeguards in accordance with applicable data protection legislation. You may request details of any safeguards implemented from our Privacy Officer.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from the Privacy Officer.
We have put in place procedures to deal with any data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
How long will you use my information for?
We will retain your personal information for a period of 30 months after the date we first receive personal information from you (or on behalf of you). We retain your personal information for that period so that:
- We can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way.
- On the basis that another role may arise in future and we may wish to consider you for that.
- To provide you with relevant job alerts, if you have requested that we provide those alerts to you.
After this period, we will delete your personal information in accordance with our data retention policy.
Your legal rights
Your rights in connection with the personal information
You are entitled to:
- Request access to your personal information;
- Request the correction or erasure of your personal information;
- Object to the processing of your personal information;
- Request a restriction of processing of your personal information; and
- Request the transfer of your personal information to you or to a third party.
To exercise any of the above rights please contact our Privacy Officer.
We may need to request specific information from you to help us to confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Use of our website
We have appointed a Privacy Officer to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the Privacy Officer. You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.